The revelation is a surprising new aspect of an escalating cyberwar between countries that has already compromised infrastructure, elections and businesses. North Korea leaked Sony emails in a display of power, hackers shut down Ukraine's power grids during a conflict with Russia and the US is still reeling from Russian interference in the 2016 presidential election.

Using ransomware as a cover for national attacks has serious implications not just for governments. Innocent people end up in the crossfire of these massive cyberattacks. Whether it's hospitals, universities, supermarkets, airports or even a chocolate factory in the firing line, the mess eventually trickles down to you. It could mean not being able to get your medicine because Merck's data is compromised or having flights grounded at a hacked airport.

"Sabotage often has collateral damage," said Lesley Carhart, a digital forensics expert. "Nothing new. Just digitized."

Researchers found a variant of the Petya ransomware called GoldenEye attacking systems around the world.

Flawed ransoming

The biggest tipoff that something was awry came from how the hackers planned to collect the ransom. The Posteo server shut down the email address that victims were supposed to use to contact the hackers, suggesting that aspect of the operation wasn't well thought out.

"If the authors of this malware's primary purpose was to make money, they certainly had the technical and strategic offensive skill set to successfully make way more than they did," Carhart said. "The actual 'ransoming' to get money was flawed and inefficient."

The WannaCry attack, which struck last month, had reaped roughly $132,000 as of Wednesday.

GoldenEye the destroyer

Researchers from both Comae Technologies and Kaspersky Lab found that GoldenEye was a wiper, designed to destroy data. It used as its base a form of ransomware called Petya (hence the NotPetya name) to encrypt crucial files, steal login credentials and seize your hard drive, too.

Researchers from Kaspersky called this the "worst-case" scenario for the victims.

"I wouldn't be surprised if they're trying to shut down a couple of facilities that they're targeting," said Amanda Rousseau, a malware researcher at Endgame.

GoldenEye started as an attack on a single organization, with the ransomware attaching itself to a software update for MeDoc, Ukraine's most popular tax-filing software. From that one victim, it spread to multibillion-dollar companies that were using the software. (The companies all have branches in Ukraine.) About 60 percent of the attacks happened in Ukraine, according to Kaspersky Lab. GoldenEye, like WannaCry before it, used a technique from the National Security Agency to get into one PC and took advantage of Windows sharing tools to spread to every other computer on the same network.

Beyond Ukraine, the collateral damage continues after more than 200,000 computers around the world were infected. The attack showed hackers don't even have to target countries directly to get the job done.

If they can attack companies and infrastructure that help everyday life run smoothly, they've won.

"It's the equivalent of shutting down your power," Rousseau said.
